The IEEE 802.16 communication standard (herein referred to as WiMAX), among other packet data communication systems, can provide security features to prevent unauthorized users from accessing data on the network. These security features not only provide a measure of privacy for a user of the network, but also allow a service provider to establish some measure of control over access to its network.
One common technique to provide these security features is to use a Public Key Infrastructure (PKI) to provide authentication and privacy of messaging on the network. For example, access terminals and authentication servers within the service network utilize the asymmetric properties of public key cryptography to authenticate the end points of the communication link, proving to each other that at least one end point in the communication path has possession of a private key which is cryptographically associated with a public key that can be shared with the remote party. Typically, one or both of the end points of the communication link utilize a digital certificate that contains an immutable set of attributes, including the identity of the end point itself, the public key of the end point, and a signature from a certificate authority. Utilizing well-known PKI-based techniques, the end point(s) can validate that a digital certificate is signed by a trusted certificate authority and that the remote party has possession of the private key, the implication of which is that the identity of the remote party has been cryptographically validated.
Network service providers sometimes employ a standard authentication protocol framework, such as the Extensible Authentication Protocol (EAP), defined in RFC 3748, as a carrier protocol of the authentication mechanism. EAP defines an authentication framework, while security or privacy is achieved by using a key management protocol. EAP is highly versatile and easily expandable, and may carry various authentication mechanisms to conduct the authentication exchange. These may be referred to as EAP-specific authentication methods or mechanisms. Examples include EAP-TLS, EAP-SIM, EAP-AKA, PEAP, LEAP and EAP-TTLS. At the same time, EAP does not limit the underlying carrier mechanisms, which could be link layer paths, e.g. Ethernet, WiFi (Wireless Fidelity), WiMAX (Worldwide Interoperability for Microwave Access), as well as higher-layer paths such as IP, UDP (User Datagram Protocol) and RADIUS (Remote Authentication Dial-In User Service).
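The carrier role of EAP described above can be seen in its packet layout: a fixed four-byte header, and in Request and Response packets a Type byte naming the authentication method being carried. The following parser is an added example, not part of the original text; the sample packets are constructed, and the `method_permitted` policy check and its allow-list are hypothetical.

```python
import struct

# EAP Code and method Type numbers from RFC 3748 and the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 17: "LEAP", 18: "EAP-SIM", 21: "EAP-TTLS",
             23: "EAP-AKA", 25: "PEAP"}


def parse_eap(frame: bytes) -> dict:
    """Parse one EAP packet, whatever carrier (link layer or RADIUS) delivered it."""
    if len(frame) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, identifier, length = struct.unpack("!BBH", frame[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(frame):
        raise ValueError("Length field inconsistent with received bytes")
    body = frame[4:length]          # bytes past Length are lower-layer padding
    pkt = {"code": EAP_CODES[code], "id": identifier, "method": None, "data": b""}
    if code in (1, 2):              # only Request/Response carry a Type field
        if not body:
            raise ValueError("Request/Response without a Type byte")
        pkt["method"] = EAP_TYPES.get(body[0], f"type-{body[0]}")
        pkt["data"] = body[1:]
    elif body:
        raise ValueError("Success/Failure must be exactly 4 bytes")
    return pkt


def method_permitted(pkt: dict, allowed: set) -> bool:
    """Hypothetical policy check: is the carried method on the operator's list?"""
    return pkt["method"] is None or pkt["method"] in allowed


# Constructed sample packets (not captured traffic).
IDENTITY_RESP = bytes([2, 7, 0, 10, 1]) + b"alice"   # Response/Identity
TLS_START_REQ = bytes([1, 8, 0, 6, 13, 0x20])        # Request/EAP-TLS, Start flag
LEAP_REQ = bytes([1, 9, 0, 5, 17])                   # Request/LEAP
TRUNCATED = bytes([1, 10, 0, 40, 13])                # Length claims 40 bytes

if __name__ == "__main__":
    for raw in (IDENTITY_RESP, TLS_START_REQ, LEAP_REQ):
        pkt = parse_eap(raw)
        print(pkt, method_permitted(pkt, {"Identity", "EAP-TLS", "EAP-TTLS"}))
```

The method-specific payload in `data`, such as the TLS records inside EAP-TLS, is opaque to EAP itself and is interpreted only by the method named in the Type byte.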
Authentication frameworks often employ digital certificates and may include a certification policy, which defines the particular practices and procedures by which the digital certificates are used. Various standards have been developed for digital certificates, one of the most popular being the X.509 standard.